Skip to main content

Configuring SSL Certificates for HTTP Server using OpenSSL

By
The SSL_CTX object uses a method as a connection method. The methods exist in a generic type (for client and server use), a server only types, and a client only type. the method can be of the TLS_method () : TLS_client_method () : TLS_server_method (): 

SSL_CTX_new():
SSL_CTX_new() creates a new SSL_CTX object as framework to establish TLS/SSL or DTLS enabled connections. An SSL_CTX object is a reference counted. Creating an SSL_CTX object for the first time increments the reference count. Freeing it (using SSL_CTX_free) decrements it. When the reference count drops to zero, any memory or resources allocated to the SSL_CTX object are freed. SSL_CTX_up_ref() increments the reference count for an existing SSL_CTX structure.
int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str):
SSL_CTX_set_cipher_list() sets the list of available ciphers for ctx using the control string str. The format of the string is described in ciphers(1). The list of ciphers is inherited by all SSL objects created from ctx.
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath);
SSL_CTX_load_verify_locations() specifies the locations for ctx, at which CA certificates for verification purposes are located. The certificates available via CAfile and CApath are trusted.
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
SSL_CTX_use_certificate_file() loads the first certificate stored in file into ctx. The formatting type of the certificate must be specified from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
SSL_CTX_use_PrivateKey_file() adds the first private key found in file to ctx. The formatting type of the certificate must be specified from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.
int SSL_CTX_check_private_key(const SSL_CTX *ctx);
SSL_CTX_check_private_key() checks the consistency of a private key with the corresponding certificate loaded into ctx. If more than one key/certificate pair (RSA/DSA) is installed, the last item installed will be checked. If e.g. the last item was an RSA certificate or key, the RSA key/certificate pair will be checked.

Creating a PEM file to initialize SSL:
After downloading SSL certificates we get three files majorly:
  1. .pem
  2. .key
  3. .crt
Three files have to be clubbed to make one pem file.
Initial .pem file looks like:
-----BEGIN CERTIFICATE-----
some random characters
-----END CERTIFICATE-----
Initial .crt file looks like:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Initial .key file contains the private key and it looks like:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
Final File looks like:
-----BEGIN PRIVATE KEY-----
(Your Private Key: your_domain_name.key)
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----

References:
https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_use_PrivateKey_file.html
https://stackoverflow.com/questions/19029647/ssl-ctx-use-privatekey-file-failed
Labels:

Comments

Post a Comment

Popular posts from this blog

Leet Code: Problem #710 Random Pick with Blacklist

By
Given a blacklist  B containing unique integers from [0, N) , write a function to return a uniform random integer from [0, N) which is NOT  in B . Optimize it such that it minimizes the call to system’s Math.random() . Note: 1 <= N <= 1000000000 0 <= B.length < min(100000, N) [0, N)  does NOT include N. See interval notation . Example 1: Input: ["Solution","pick","pick","pick"] [[1,[]],[],[],[]] Output: [null,0,0,0] Example 2: Input: ["Solution","pick","pick","pick"] [[2,[]],[],[],[]] Output: [null,1,1,1] Example 3: Input: ["Solution","pick","pick","pick"] [[3,[1]],[],[],[]] Output: [null,0,0,2] Example 4: Input: ["Solution","pick","pick","pick"] [[4,[2]],[],[],[]] Output: [null,1,3,1] Explanation of Input Syntax: The input is two lists: the subroutines called and their argume...
Post a Comment
Read more

Leet Code: Problem: 355. Design Twitter

By
Problem Statement: Design basic twitter which lets user follow and unfollow other users and show the latest new feed related to the current user and the user followers. Implement the following APIs void postTweet(int userId, int tweetId):     Stores the tweetId against the user ID. void follow(int followerId, int followeeId):     Marks that follower ID as following followee ID void unfollow(int followerId, int followeeId):     Marks that follower ID as unfollowing followee ID vector<int> getNewsFeed(int userId):     Returns the set of the latest 10 tweetIDs which include the current user tweetIDs and tweetIDs of the user that the follower if following. Approach to the problem: First we need to store the user IDs of the people a particular user is following To store that we can use map. To optimize things instead of storing list of followers, it is better to store them in a set for quicker access. So the followers data str...
Post a Comment
Read more

LeetCode: Problem #1402. Reducing Dishes

By
Problem Statement: A chef has collected the data on the review for his dishes. Our Chef will take just 1 unit of time to prepare a dish. Our job is to tell him the dishes he has to make in the order to achieve maximum benefit. The maximum benefit is calculated using the formula time[i] * (review ratings). Example 1: Input: reviews = [-1, -10, -9, 0, 5] Output: 14 Explanation: Considering the dishes in the order of -1, 0 ,5 the calculation will be (-1 * 1 + 0 * 2 + 5 * 3) = 14 Example 2: Input: reviews = [6,5,4] Output: 32 Explanation: Considering the dishes in the order of 4, 5, 6 the calculation will be (4 * 1 + 5 * 2 + 6 * 3) = 32 Approach to the solution: Sort the given reviews so that we can concentrate only on maximum benefited reviews. Make cumulative sums from the end. This will help in deciding till which we have to consider the summation. Now start from the end at add the previous array of cumulative sums until a negative number is encountered. We have to iterate in reverse or...
Post a Comment
Read more